CVE-2026-32202: Zero-Click Windows Shell Flaw Actively Exploited After Incomplete Patch
Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) are warning that a new Windows zero-click vulnerability, CVE-2026-32202, is being exploited in the wild. The flaw sits in Windows Shell and enables “authentication coercion” that can silently expose sensitive data to a network adversary. Microsoft first disclosed the issue on April 14 and updated…